CVE-2015-1234
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | not-affected | | |
| linux-kernel | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"41.0.2272.102"} | |
References
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2015-0778.html
- http://www.securityfocus.com/bid/73486
- http://www.securitytracker.com/id/1032012
- http://www.ubuntu.com/usn/USN-2556-1
- https://code.google.com/p/chromium/issues/detail?id=468936
- https://codereview.chromium.org/1016193003
- https://security.gentoo.org/glsa/201506-04
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2015-0778.html
- http://www.securityfocus.com/bid/73486
- http://www.securitytracker.com/id/1032012
- http://www.ubuntu.com/usn/USN-2556-1
- https://code.google.com/p/chromium/issues/detail?id=468936
- https://codereview.chromium.org/1016193003
- https://security.gentoo.org/glsa/201506-04
CWEs
CWE-362
Verify integrity in audit chain (admin only). AS-IS.