Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10546
HistoryApr 14, 2015 - 12:00 a.m.

KLA10546 Multiple vulnerabilities in Google Chrome

2015-04-1400:00:00
Kaspersky Lab
threats.kaspersky.com
30

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.4%

JSON

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service or possible execute arbitrary code.

Below is a complete list of vulnerabilities

  1. Unknown vulnerability can be exploited remotely via vectors related to HTML parser, Blink, Web Sockets, OpenSearch and other unknown vectors;
  2. Use-after-free vulnerability can be exploited remotely via vectors related to IPC, PDFium;
  3. Out-of-bounds vulnerability can be exploited remotely via vectors related to Skia, Blink and WebGL;
  4. Type confusion and other unknown vulnerabilities can be exploited remotely via vectors related to V8.

Original advisories

Google update new

Related products

Google-Chrome

CVE list

CVE-2015-1240 critical

CVE-2015-1238 critical

CVE-2015-1245 high

CVE-2015-1244 critical

CVE-2015-1242 critical

CVE-2015-1241 warning

CVE-2015-1249 critical

CVE-2015-1248 warning

CVE-2015-1247 critical

CVE-2015-1246 critical

CVE-2015-1236 warning

CVE-2015-1237 critical

CVE-2015-1235 critical

Solution

Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.

Get Google Chrome

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Google Chrome versions earlier thanΒ 42.0.2311.90

Related

redhat 1
threatpost 1
freebsd 1
chrome 1
archlinux 1
nessus 9
thn 1
openvas 14
mageia 1
osv 1
ubuntu 1
securityvulns 3
debian 2
gentoo 1
ubuntucve 13
nvd 13
cvelist 13
prion 13
debiancve 13
cve 13
redhat
redhat
(RHSA-2015:0816) Important: chromium-browser security update
2015-04-16 00:00:00
threatpost
threatpost
Google Fixes Dozens of Bugs in Chrome 42
2015-04-14 14:44:57
freebsd
freebsd
chromium -- multiple vulnerabilities
2015-04-14 00:00:00
chrome
chrome
Stable Channel Update
2015-04-14 00:00:00
archlinux
archlinux
chromium: multiple issues
2015-04-18 00:00:00
nessus
nessus
RHEL 6 : chromium-browser (RHSA-2015:0816)
2015-04-17 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (b57f690e-ecc9-11e4-876c-00262d5ed8ee)
2015-04-28 00:00:00
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
2015-04-16 00:00:00
thn
thn
Google Launches Chrome 42 with Push Notifications
2015-04-15 01:31:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0164)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3238-1)
2015-04-25 00:00:00
Debian Security Advisory DSA 3238-1 (chromium-browser - security update)
2015-04-26 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2015-04-24 00:14:25
osv
osv
chromium-browser - security update
2015-04-26 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2015-04-27 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3238-1] chromium-browser security update
2015-05-05 00:00:00
Google Chrome / Chromium multiple security vulnerabilities
2015-05-25 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-03-23 00:00:00
debian
debian
[SECURITY] [DSA 3238-1] chromium-browser security update
2015-04-27 02:41:29
[SECURITY] [DSA 3238-1] chromium-browser security update
2015-04-27 02:41:29
gentoo
gentoo
Chromium: Multiple vulnerabilities
2015-06-23 00:00:00
ubuntucve
ubuntucve
CVE-2015-1248
2015-04-19 00:00:00
CVE-2015-1244
2015-04-19 00:00:00
CVE-2015-1240
2015-04-19 00:00:00
nvd
nvd
CVE-2015-1248
2015-04-19 10:59:11
CVE-2015-1244
2015-04-19 10:59:07
CVE-2015-1240
2015-04-19 10:59:04
cvelist
cvelist
CVE-2015-1244
2015-04-19 10:00:00
CVE-2015-1240
2015-04-19 10:00:00
CVE-2015-1245
2015-04-19 10:00:00
prion
prion
Design/Logic Flaw
2015-04-19 10:59:00
Code injection
2015-04-19 10:59:00
Type confusion
2015-04-19 10:59:00
debiancve
debiancve
CVE-2015-1244
2015-04-19 10:59:00
CVE-2015-1240
2015-04-19 10:59:00
CVE-2015-1245
2015-04-19 10:59:00
cve
cve
CVE-2015-1244
2015-04-19 10:59:07
CVE-2015-1245
2015-04-19 10:59:08
CVE-2015-1248
2015-04-19 10:59:11

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.4%

JSON
Related for KLA10546
redhat1threatpost1freebsd1chrome1archlinux1nessus9thn1openvas14mageia1osv1ubuntu1securityvulns3debian2gentoo1ubuntucve13nvd13cvelist13prion13debiancve13cve13