All errata/sisyphus/ALT-PU-2015-2088-1
ALT-PU-2015-2088-1

Package update chromium in branch sisyphus

Version47.0.2526.80-alt1
Task#154710
Published2015-12-10
Max severityCRITICAL
Severity:

Closed issues (8)

BDU:2015-12254
CRITICAL10.0

Уязвимости браузера Google Chrome, позволяющие нарушителю оказать другое воздействие или вызвать отказ в обслуживании

Published: 2015-12-29Modified: 2021-03-23
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2015-12255
CRITICAL10.0

Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Published: 2015-12-29Modified: 2021-03-23
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2016-00008
CRITICAL9.3

Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Published: 2016-01-18Modified: 2021-03-23
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
References
BDU:2016-00967
MEDIUM4.3

Уязвимость браузера Google Chrome, позволяющая нарушителю внедрить произвольный Веб- или HTML-код

Published: 2016-04-19Modified: 2021-03-23
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2015-6788
CRITICAL10.0

The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

Published: 2015-12-14Modified: 2025-04-12
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2015-6789
CRITICAL9.3

Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.

Published: 2015-12-14Modified: 2025-04-12
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
References
CVE-2015-6790
MEDIUM4.3

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.

Published: 2015-12-14Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2015-6791
CRITICAL10.0

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 2015-12-14Modified: 2025-04-12
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References