MidnightBSD

Advisories for chromium

CVE-2014-7939 MEDIUM

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop_supplementary 6.0
redhat enterprise_linux_workstation_supplementary 6.0
chromium chromium 40.0.2214.110
opensuse opensuse 13.1
redhat enterprise_linux_server_supplementary 6.0
opensuse opensuse 13.2
google chrome *
redhat enterprise_linux_server_supplementary_eus 6.6.z
CVE-2014-7941 MEDIUM

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop_supplementary 6.0
redhat enterprise_linux_workstation_supplementary 6.0
chromium chromium 40.0.2214.110
opensuse opensuse 13.1
redhat enterprise_linux_server_supplementary 6.0
opensuse opensuse 13.2
google chrome *
redhat enterprise_linux_server_supplementary_eus 6.6.z
CVE-2014-7942 HIGH

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop_supplementary 6.0
redhat enterprise_linux_workstation_supplementary 6.0
chromium chromium 40.0.2214.110
opensuse opensuse 13.1
redhat enterprise_linux_server_supplementary 6.0
canonical ubuntu_linux 14.04
opensuse opensuse 13.2
canonical ubuntu_linux 14.10
google chrome *
redhat enterprise_linux_server_supplementary_eus 6.6.z
CVE-2014-7943 MEDIUM

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop_supplementary 6.0
redhat enterprise_linux_workstation_supplementary 6.0
chromium chromium 40.0.2214.110
opensuse opensuse 13.1
redhat enterprise_linux_server_supplementary 6.0
canonical ubuntu_linux 14.04
opensuse opensuse 13.2
canonical ubuntu_linux 14.10
google chrome *
redhat enterprise_linux_server_supplementary_eus 6.6.z
CVE-2015-1205 HIGH

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
chromium chromium *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
google chrome *
CVE-2015-1346 HIGH

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
chromium chromium *
canonical ubuntu_linux 14.04
google v8 *
canonical ubuntu_linux 14.10
google chrome *
CVE-2017-7000 MEDIUM

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
chromium chromium *
debian debian_linux 9.0
apple iphone_os *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
apple mac_os_x *
CVE-2023-1531

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
chromium chromium 112.0.5592.0
fedoraproject fedora 38
fedoraproject fedora 37
fedoraproject fedora 36
google chrome *