Vulnerabilities > CVE-2015-3333 - Security vulnerability in Google V8
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Vulnerable Configurations
Nessus
NASL family Windows NASL id GOOGLE_CHROME_42_0_2311_90.NASL description The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities : - A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235) - A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236) - A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237) - An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238) - An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents. (CVE-2015-1240) - An unspecified tap-jacking flaw exists when certain tap events aren last seen 2020-06-01 modified 2020-06-02 plugin id 82825 published 2015-04-16 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82825 title Google Chrome < 42.0.2311.90 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-320.NASL description Chromium was updated to latest stable release 42.0.2311.90 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-1235: Cross-origin-bypass in HTML parser. - CVE-2015-1236: Cross-origin-bypass in Blink. - CVE-2015-1237: Use-after-free in IPC. - CVE-2015-1238: Out-of-bounds write in Skia. - CVE-2015-1240: Out-of-bounds read in WebGL. - CVE-2015-1241: Tap-Jacking. - CVE-2015-1242: Type confusion in V8. - CVE-2015-1244: HSTS bypass in WebSockets. - CVE-2015-1245: Use-after-free in PDFium. - CVE-2015-1246: Out-of-bounds read in Blink. - CVE-2015-1247: Scheme issues in OpenSearch. - CVE-2015-1248: SafeBrowsing bypass. - CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2015-3333: Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14). - CVE-2015-3336: fullscreen and UI locking without user confirmeation - CVE-2015-3335: unspecified impact of crafed programs running in NaCl sandbox - CVE-2015-3334: last seen 2020-06-05 modified 2015-04-23 plugin id 83025 published 2015-04-23 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83025 title openSUSE Security Update : Chromium (openSUSE-2015-320) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2570-1.NASL description An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1235) An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1236) A use-after-free was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1237) An out-of-bounds write was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1238) An out-of-bounds read was discovered in the WebGL implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1240) An issue was discovered with the interaction of page navigation and touch event handling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct last seen 2020-06-01 modified 2020-06-02 plugin id 83109 published 2015-04-28 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83109 title Ubuntu 14.04 LTS / 14.10 / 15.04 : oxide-qt vulnerabilities (USN-2570-1) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_42_0_2311_90.NASL description The version of Google Chrome installed on the remote Mac OS X host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities : - A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235) - A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236) - A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237) - An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238) - An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents. (CVE-2015-1240) - An unspecified tap-jacking flaw exists when certain tap events aren last seen 2020-06-01 modified 2020-06-02 plugin id 82826 published 2015-04-16 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82826 title Google Chrome < 42.0.2311.90 Multiple Vulnerabilities (Mac OS X) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3238.NASL description Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-free issue in IPC. - CVE-2015-1238 last seen 2020-06-01 modified 2020-06-02 plugin id 83120 published 2015-04-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83120 title Debian DSA-3238-1 : chromium-browser - security update