Vulnerabilities > CVE-2015-1263 - Code vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.

Vulnerable Configurations

Part Description Count
Application
Google
3738
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3267.NASL
    descriptionSeveral vulnerabilities were discovered in the chromium web browser. - CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition. - CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox. - CVE-2015-1253 A cross-origin bypass issue was discovered in the DOM parser. - CVE-2015-1254 A cross-origin bypass issue was discovered in the DOM editing feature. - CVE-2015-1255 Khalil Zhani discovered a use-after-free issue in WebAudio. - CVE-2015-1256 Atte Kettunen discovered a use-after-free issue in the SVG implementation. - CVE-2015-1257 miaubiz discovered an overflow issue in the SVG implementation. - CVE-2015-1258 cloudfuzzer discovered an invalid size parameter used in the libvpx library. - CVE-2015-1259 Atte Kettunen discovered an uninitialized memory issue in the pdfium library. - CVE-2015-1260 Khalil Zhani discovered multiple use-after-free issues in chromium
    last seen2020-06-01
    modified2020-06-02
    plugin id83784
    published2015-05-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83784
    titleDebian DSA-3267-1 : chromium-browser - security update
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201506-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201506-04 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause arbitrary remote code execution, Denial of Service or bypass of security mechanisms. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id84332
    published2015-06-23
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84332
    titleGLSA-201506-04 : Chromium: Multiple vulnerabilities
  • NASL familyWindows
    NASL idGOOGLE_CHROME_43_0_2357_65.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities : - A Use-after-free memory error exists in the SpeechRecognitionClient implementation that allows remote attackers, using a crafted document, to execute arbitrary code. (CVE-2015-1251) - The Write() and DoWrite() methods of the class PartialCircularBuffer do not properly handle wraps. A remote attacker, by using write operations with a large amount of data, can exploit this to bypass the sandbox protection or cause a denial of service. (CVE-2015-1252) - The DOM implementation in Blink does not properly handle SCRIPT elements during adjustment of DOM node locations. A remote attacker, using crafted JavaScript code that appends a child to a SCRIPT element, can exploit this flaw to bypass the same origin policy. (CVE-2015-1253) - The
    last seen2020-06-01
    modified2020-06-02
    plugin id83745
    published2015-05-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83745
    titleGoogle Chrome < 43.0.2357.65 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1023.NASL
    descriptionUpdated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Chromium is an open source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265) All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2015-05-26
    plugin id83808
    published2015-05-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83808
    titleRHEL 6 : chromium-browser (RHSA-2015:1023)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3315.NASL
    descriptionSeveral vulnerabilities were discovered in the chromium web browser. - CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. - CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. - CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy. - CVE-2015-1269 Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed. - CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library. - CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library. - CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation. - CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium. - CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download. - CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation. - CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium
    last seen2020-06-01
    modified2020-06-02
    plugin id84992
    published2015-07-27
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84992
    titleDebian DSA-3315-1 : chromium-browser - security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A9D456B4FE4C11E4AD1500262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : 37 security fixes in this release, including : - [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. - [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. - [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to [email protected]. - [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani. - [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG. - [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP
    last seen2020-06-01
    modified2020-06-02
    plugin id83556
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83556
    titleFreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-390.NASL
    descriptionChromium was updated to 43.0.2357.65 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-1251: Use-after-free in Speech (boo#931659) - CVE-2015-1252: Sandbox escape in Chrome (boo#931671) - CVE-2015-1253: Cross-origin bypass in DOM (boo#931670) - CVE-2015-1254: Cross-origin bypass in Editing (boo#931669) - CVE-2015-1255: Use-after-free in WebAudio (boo#931674) - CVE-2015-1256: Use-after-free in SVG (boo#931664) - CVE-2015-1257: Container-overflow in SVG (boo#931665) - CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666) - CVE-2015-1259: Uninitialized value in PDFium (boo#931667) - CVE-2015-1260: Use-after-free in WebRTC (boo#931668) - CVE-2015-1261: URL bar spoofing (boo#931673) - CVE-2015-1262: Uninitialized value in Blink (boo#931672) - CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663) - CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661) - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives (boo#931660) - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21)
    last seen2020-06-05
    modified2015-06-01
    plugin id83915
    published2015-06-01
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83915
    titleopenSUSE Security Update : Chromium (openSUSE-2015-390)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_43_0_2357_65.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities : - A Use-after-free memory error exists in the SpeechRecognitionClient implementation that allows remote attackers, using a crafted document, to execute arbitrary code. (CVE-2015-1251) - The Write() and DoWrite() methods of the class PartialCircularBuffer do not properly handle wraps. A remote attacker, by using write operations with a large amount of data, can exploit this to bypass the sandbox protection or cause a denial of service. (CVE-2015-1252) - The DOM implementation in Blink does not properly handle SCRIPT elements during adjustment of DOM node locations. A remote attacker, using crafted JavaScript code that appends a child to a SCRIPT element, can exploit this flaw to bypass the same origin policy. (CVE-2015-1253) - The
    last seen2020-06-01
    modified2020-06-02
    plugin id83746
    published2015-05-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83746
    titleGoogle Chrome < 43.0.2357.65 Multiple Vulnerabilities (Mac OS X)

Redhat

rpms
  • chromium-browser-0:43.0.2357.65-1.el6_6
  • chromium-browser-debuginfo-0:43.0.2357.65-1.el6_6