English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703238
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-3238-1)
Summary:The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3238-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3238-1 advisory.

Vulnerability Insight:
Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-1235

A Same Origin Policy bypass issue was discovered in the HTML parser.

CVE-2015-1236

Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API.

CVE-2015-1237

Khalil Zhani discovered a use-after-free issue in IPC.

CVE-2015-1238

cloudfuzzer discovered an out-of-bounds write in the skia library.

CVE-2015-1240

w3bd3vil discovered an out-of-bounds read in the WebGL implementation.

CVE-2015-1241

Phillip Moon and Matt Weston discovered a way to trigger local user interface actions remotely via a crafted website.

CVE-2015-1242

A type confusion issue was discovered in the v8 javascript library.

CVE-2015-1244

Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security policy.

CVE-2015-1245

Khalil Zhani discovered a use-after-free issue in the pdfium library.

CVE-2015-1246

Atte Kettunen discovered an out-of-bounds read issue in webkit/blink.

CVE-2015-1247

Jann Horn discovered that file: URLs in OpenSearch documents were not sanitized, which could allow local files to be read remotely when using the OpenSearch feature from a crafted website.

CVE-2015-1248

Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature, which could allow the remote execution of a downloaded executable file.

CVE-2015-1249

The chrome 41 development team found various issues from internal fuzzing, audits, and other studies.

CVE-2015-3333

Multiple issues were discovered and fixed in v8 4.2.7.14.

CVE-2015-3334

It was discovered that remote websites could capture video data from attached web cameras without permission.

CVE-2015-3336

It was discovered that remote websites could cause user interface disruptions like window fullscreening and mouse pointer locking.

For the stable distribution (jessie), these problems have been fixed in version 42.0.2311.90-1~
deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 42.0.2311.90-1.

We recommend that you upgrade your chromium-browser packages.

Affected Software/OS:
'chromium-browser' package(s) on Debian 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1235
Debian Security Information: DSA-3238 (Google Search)
http://www.debian.org/security/2015/dsa-3238
https://security.gentoo.org/glsa/201506-04
RedHat Security Advisories: RHSA-2015:0816
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://www.securitytracker.com/id/1032209
SuSE Security Announcement: openSUSE-SU-2015:0748 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
SuSE Security Announcement: openSUSE-SU-2015:1887 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://ubuntu.com/usn/USN-2570-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1236
http://ubuntu.com/usn/usn-2570-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1237
Common Vulnerability Exposure (CVE) ID: CVE-2015-1238
Common Vulnerability Exposure (CVE) ID: CVE-2015-1240
Common Vulnerability Exposure (CVE) ID: CVE-2015-1241
Common Vulnerability Exposure (CVE) ID: CVE-2015-1242
Common Vulnerability Exposure (CVE) ID: CVE-2015-1244
Common Vulnerability Exposure (CVE) ID: CVE-2015-1245
Common Vulnerability Exposure (CVE) ID: CVE-2015-1246
Common Vulnerability Exposure (CVE) ID: CVE-2015-1247
Common Vulnerability Exposure (CVE) ID: CVE-2015-1248
Common Vulnerability Exposure (CVE) ID: CVE-2015-1249
Common Vulnerability Exposure (CVE) ID: CVE-2015-3333
BugTraq ID: 74221
http://www.securityfocus.com/bid/74221
Common Vulnerability Exposure (CVE) ID: CVE-2015-3334
BugTraq ID: 74225
http://www.securityfocus.com/bid/74225
Common Vulnerability Exposure (CVE) ID: CVE-2015-3336
BugTraq ID: 74227
http://www.securityfocus.com/bid/74227
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.