CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7904 – chromium-browser: Buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2014-7904
19 Nov 2014 — Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Desbordamiento de buffer en Skia, utilizado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially c... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7906 – chromium-browser: Use-after-free in pepper plugins
https://notcve.org/view.php?id=CVE-2014-7906
19 Nov 2014 — Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime. Vulnerabilidad de uso después de liberación en los plugins Pepper en Google Chrome anterior a 39.0.2171.65 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no espe... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7908 – chromium-browser: Integer overflow in media
https://notcve.org/view.php?id=CVE-2014-7908
19 Nov 2014 — Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. Múltiples desbordamientos de enteros en la función CheckMov ubicada en media/base/container_names.cc en Google Chorme anterior a 39.0.2171.65 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impact... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7899 – chromium-browser: Address bar spoofing
https://notcve.org/view.php?id=CVE-2014-7899
19 Nov 2014 — Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos falsificar la barra de direcciones mediante la colocación de un blob, es decir, una subcadena al principio de la dirección URL, seguido por el esquema original URI y una cadena con un largo nombre de usuario. Chromium is an open-source web... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3201
https://notcve.org/view.php?id=CVE-2014-3201
10 Oct 2014 — core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. core/rendering/compositing/RenderLayerCompositor.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.102 en Android, no maneja debidamente cierta condición de desbordamiento de IFRAME, lo que permite a atacantes r... • http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-3200 – chromium: multiple unspecified issues fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3200
08 Oct 2014 — Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificados en Google Chrome anterior a 38.0.2125.101 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted w... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7967 – Ubuntu Security Notice USN-2345-1
https://notcve.org/view.php?id=CVE-2014-7967
08 Oct 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.28.71.15, utilizado en Google Chrome anterior a 38.0.2125.101, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple use-after-free iss... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3193 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3193
08 Oct 2014 — The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing. La función SessionService::GetLastSession en browser/sessions/session_service.cc en Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos causar una denegación de servicio (uso después de liberación... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 55EXPL: 0CVE-2014-3187
https://notcve.org/view.php?id=CVE-2014-3187
08 Oct 2014 — Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome anterior a 37.0.2062.60 y 38.x anterior a 38.0.2125.59 en iOS no restringe debidamente el procesamiento de las URLs (1) facetime:// y (2) facetime-audio://, lo que permite a atacantes remotos obtener datos de vídeo y audio de un dispositivo... • http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3191 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3191
08 Oct 2014 — Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. Vulnerabilid... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •