Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-1283 | 6.8 |
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec
|
05-07-2022 - 18:57 | 23-07-2015 - 00:59 | |
CVE-2015-5605 | 5.0 |
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1276 | 7.5 |
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1273 | 6.8 |
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF do
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1278 | 4.3 |
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted doc
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1279 | 7.5 |
Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspeci
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1271 | 6.8 |
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a c
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1287 | 4.3 |
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Sam
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1272 | 7.5 |
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChanne
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1289 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1282 | 6.8 |
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF do
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1274 | 6.8 |
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open f
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1270 | 6.8 |
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a d
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1277 | 7.5 |
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for acc
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1281 | 4.3 |
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image fr
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1284 | 7.5 |
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (inva
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1275 | 4.3 |
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a t
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1285 | 5.0 |
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sens
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1288 | 6.8 |
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecifie
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1286 | 4.3 |
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML b
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1280 | 7.5 |
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing cra
|
30-10-2018 - 16:27 | 23-07-2015 - 00:59 | |
CVE-2015-1290 | 9.3 |
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
|
02-02-2018 - 14:20 | 09-01-2018 - 16:29 |