Out-of-Bounds Affecting chromium-browser package, versions <40.0.2214.94-0ubuntu1.1120
Threat Intelligence
EPSS
0.44% (76th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU1804-CHROMIUMBROWSER-408405
- published 6 Oct 2017
- disclosed 6 Oct 2017
Introduced: 6 Oct 2017
CVE-2015-1206 Open this link in a new tabHow to fix?
Upgrade Ubuntu:18.04 chromium-browser to version 40.0.2214.94-0ubuntu1.1120 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream chromium-browser package and not the chromium-browser package as distributed by Ubuntu.
See How to fix? for Ubuntu:18.04 relevant fixed versions and status.
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.