chromium -- multiple vulnerabilities
Google Chrome Releases reports:
45 new security fixes, including:
-  High CVE-2015-1235: Cross-origin-bypass in HTML
parser. Credit to anonymous.
-  Medium CVE-2015-1236: Cross-origin-bypass in Blink.
Credit to Amitay Dobo.
-  High CVE-2015-1237: Use-after-free in IPC. Credit to
-  High CVE-2015-1238: Out-of-bounds write in Skia.
Credit to cloudfuzzer.
-  Medium CVE-2015-1240: Out-of-bounds read in WebGL.
Credit to w3bd3vil.
-  Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip
Moon and Matt Weston of Sandfield Information Systems.
-  High CVE-2015-1242: Type confusion in V8. Credit to
-  Medium CVE-2015-1244: HSTS bypass in WebSockets.
Credit to Mike Ruddy.
-  Medium CVE-2015-1245: Use-after-free in PDFium. Credit
to Khalil Zhani.
-  Medium CVE-2015-1246: Out-of-bounds read in Blink.
Credit to Atte Kettunen of OUSPG.
-  Medium CVE-2015-1247: Scheme issues in OpenSearch.
Credit to Jann Horn.
-  Medium CVE-2015-1248: SafeBrowsing bypass. Credit to
Vittorio Gambaletta (VittGam).
-  CVE-2015-1249: Various fixes from internal audits,
fuzzing and other initiatives. Multiple vulnerabilities in V8
fixed at the tip of the 4.2 branch (currently 126.96.36.199).
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright