7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.2%
The version of Google Chrome on the remote host is prior to 42.0.2311.135 and is affected by the following vulnerabilities :
A use-after-free condition in the ‘MutationObserver::disconnect()’ function in ‘dom/MutationObserver.cpp’. The issue is triggered when iterating over a cloned set and attempting to unregister a MutationObserver registration already unregistered from the original set. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2015-1243)
A flaw exists in ‘media/audio/audio_parameters.cc’ that is triggered when handling channel counts that do not match the channel layout. This may allow a context-dependent attacker to potentially execute arbitrary code.
A flaw exists that is triggered when handling audio conversion with certain channel layouts. This may allow a context-dependent attacker to potentially execute arbitrary code.
A flaw exists in the ‘HTMLImportTreeRoot::recalcTimerFired()’ function in ‘html/imports/HTMLImportTreeRoot.cpp’. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.
OpenJPEG as used in Google Chrome contains an integer overflow condition in the ‘opj_j2k_update_image_data()’ function in ‘j2k.c’ that is triggered when handling overly large image dimensions. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing an application linked against the library or potentially allow execution of arbitrary code. (CVE-2015-1250)
Binary data 8779.pasl