DSA-3267-1 chromium-browser -- chromium-browserID: oval:org.secpod.oval:def:602116 | Date: (C)2015-06-04 (M)2023-11-13 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition. CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox. CVE-2015-1253 A cross-origin bypass issue was discovered in the DOM parser. CVE-2015-1254 A cross-origin bypass issue was discovered in the DOM editing feature. CVE-2015-1255 Khalil Zhani discovered a use-after-free issue in WebAudio. CVE-2015-1256 Atte Kettunen discovered a use-after-free issue in the SVG implementation. CVE-2015-1257 miaubiz discovered an overflow issue in the SVG implementation. CVE-2015-1258 cloudfuzzer discovered an invalid size parameter used in the libvpx library. CVE-2015-1259 Atte Kettunen discovered an uninitialized memory issue in the pdfium library. CVE-2015-1260 Khalil Zhani discovered multiple use-after-free issues in chromium"s interface to the WebRTC library. CVE-2015-1261 Juho Nurminen discovered a URL bar spoofing issue. CVE-2015-1262 miaubiz discovered the use of an uninitialized class member in font handling. CVE-2015-1263 Mike Ruddy discovered that downloading the spellcheck dictionary was not done over HTTPS. CVE-2015-1264 K0r3Ph1L discovered a cross-site scripting issue that could be triggered by bookmarking a site. CVE-2015-1265 The chrome 43 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.3.61.21.