CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7906 – chromium-browser: Use-after-free in pepper plugins
https://notcve.org/view.php?id=CVE-2014-7906
19 Nov 2014 — Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime. Vulnerabilidad de uso después de liberación en los plugins Pepper en Google Chrome anterior a 39.0.2171.65 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no espe... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7903 – Gentoo Linux Security Advisory 201412-13
https://notcve.org/view.php?id=CVE-2014-7903
19 Nov 2014 — Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. Desbordamiento de buffer en OpenJPEG anterior a r2911 en PDFium, usado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de una imagen JPEG manipulada. Multiple vulnerabilities have been found i... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7904 – chromium-browser: Buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2014-7904
19 Nov 2014 — Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Desbordamiento de buffer en Skia, utilizado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially c... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7899 – chromium-browser: Address bar spoofing
https://notcve.org/view.php?id=CVE-2014-7899
19 Nov 2014 — Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos falsificar la barra de direcciones mediante la colocación de un blob, es decir, una subcadena al principio de la dirección URL, seguido por el esquema original URI y una cadena con un largo nombre de usuario. Chromium is an open-source web... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 14CVE-2014-7910 – GNU Bash - Environment Variable Command Injection
https://notcve.org/view.php?id=CVE-2014-7910
19 Nov 2014 — Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a 39.0.2171.65 permitirían a atacantes remotos causar una denegación de servicio o posiblemente otro impacto mediante vectores desconocidos. A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potent... • https://www.exploit-db.com/exploits/34777 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7907 – chromium-browser: Use-after-free in blink
https://notcve.org/view.php?id=CVE-2014-7907
19 Nov 2014 — Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. Múltiples vulnerabilidades de uso después de liberación en modules/screen_orientation/ScreenOrientationController.cpp en Blink, usado en Google Chro... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3201
https://notcve.org/view.php?id=CVE-2014-3201
10 Oct 2014 — core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. core/rendering/compositing/RenderLayerCompositor.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.102 en Android, no maneja debidamente cierta condición de desbordamiento de IFRAME, lo que permite a atacantes r... • http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3189 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3189
08 Oct 2014 — The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. La función chrome_pdf::CopyImage en pdf/draw_utils.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 no valida debidamente las dimensiones de los datos de imágenes, lo que permite a ... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3196
https://notcve.org/view.php?id=CVE-2014-3196
08 Oct 2014 — base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. base/memory/shared_memory_win.cc en Google Chrome anterior a 38.0.2125.101 en Windows no implementa debidamente las restricciones de sólo lectura en la memoria compartida, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox a través de vectores no... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3195 – v8: information leak fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3195
08 Oct 2014 — Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_Array... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-399: Resource Management Errors •