CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7933 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7933
22 Jan 2015 — Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. Vulnerabilidad de uso después de liberación en la función matroska_read_seek en libavformat/matroskadec.c en FFmpeg anterior a 2.5.1, utilizado en Google Chrome anterior a 40.... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=490a3ebf36821b81f73e34ad3f554cb523dd2682 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2014-7942 – chromium-browser: uninitialized-value in Fonts
https://notcve.org/view.php?id=CVE-2014-7942
22 Jan 2015 — The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. La implementación Fuentes en Google Chrome anterior a 40.0.2214.91 no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-7941 – chromium-browser: out-of-bounds read in UI
https://notcve.org/view.php?id=CVE-2014-7941
22 Jan 2015 — The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. La función SelectionOwner::ProcessTarget en ui/base/x/selection_owner.cc en la implementación UI en Google Chrome anterior a 40.0.2214.91 utiliza un tipo de datos incorrecto para cierto valor de longitud, lo que permi... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7939 – chromium-browser: same-origin-bypass in V8
https://notcve.org/view.php?id=CVE-2014-7939
22 Jan 2015 — Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. Google Chrome anterior aq 40.0.2214.91, cuando el proxy Harmony en Google V8 está habilitado, permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado con llamadas Proxy.create y conso... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2014-7940 – ICU: uninitialized value use in the collation component
https://notcve.org/view.php?id=CVE-2014-7940
22 Jan 2015 — The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. La implementación collator en i18n/ucol.cpp en International Components for Unicode (ICU) 52 hasta la revisión SVN 293126, utilizada en Google Chrome anterior ... • http://advisories.mageia.org/MGASA-2015-0047.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7929 – chromium-browser: use-after-free in DOM
https://notcve.org/view.php?id=CVE-2014-7929
22 Jan 2015 — Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents. Vulnerabilidad de uso después de liberación en la función HTMLScriptElement::didMoveToNewDocument en core/html/HTMLScriptElement.cpp en la impleme... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-17: DEPRECATED: Code CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7936 – chromium-browser: use-after-free in Views
https://notcve.org/view.php?id=CVE-2014-7936
22 Jan 2015 — Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble. Vulnerabilidad uso después de liberación en la función ZoomBubbleView::Close en browser/ui/views/location_bar/zoom_bubble_view.cc en la implementación Views... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7930 – chromium-browser: use-after-free in DOM
https://notcve.org/view.php?id=CVE-2014-7930
22 Jan 2015 — Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data. Vulnerabilidad de uso después de liberación en core/events/TreeScopeEventContext.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 40.0.2214.91, permite a a... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7938 – chromium-browser: memory corruption in Fonts
https://notcve.org/view.php?id=CVE-2014-7938
22 Jan 2015 — The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. La implementación Fonts en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o la posibilidad de tener otro impacto no especificado a través de vectores desconocidos. Several memory corruption bugs were discovered in ICU. If a user were tri... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7935 – chromium-browser: use-after-free in Speech
https://notcve.org/view.php?id=CVE-2014-7935
22 Jan 2015 — Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab. Vulnerabilidad de uso después de liberación en browser/speech/tts_message_filter.cc en la implementación Speech en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos causar una denagación de servicio o la posibilida... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-416: Use After Free •