CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7904 – chromium-browser: Buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2014-7904
19 Nov 2014 — Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Desbordamiento de buffer en Skia, utilizado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially c... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7899 – chromium-browser: Address bar spoofing
https://notcve.org/view.php?id=CVE-2014-7899
19 Nov 2014 — Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos falsificar la barra de direcciones mediante la colocación de un blob, es decir, una subcadena al principio de la dirección URL, seguido por el esquema original URI y una cadena con un largo nombre de usuario. Chromium is an open-source web... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 14CVE-2014-7910 – GNU Bash - Environment Variable Command Injection
https://notcve.org/view.php?id=CVE-2014-7910
19 Nov 2014 — Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a 39.0.2171.65 permitirían a atacantes remotos causar una denegación de servicio o posiblemente otro impacto mediante vectores desconocidos. A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potent... • https://www.exploit-db.com/exploits/34777 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7907 – chromium-browser: Use-after-free in blink
https://notcve.org/view.php?id=CVE-2014-7907
19 Nov 2014 — Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. Múltiples vulnerabilidades de uso después de liberación en modules/screen_orientation/ScreenOrientationController.cpp en Blink, usado en Google Chro... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3201
https://notcve.org/view.php?id=CVE-2014-3201
10 Oct 2014 — core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. core/rendering/compositing/RenderLayerCompositor.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.102 en Android, no maneja debidamente cierta condición de desbordamiento de IFRAME, lo que permite a atacantes r... • http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3189 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3189
08 Oct 2014 — The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. La función chrome_pdf::CopyImage en pdf/draw_utils.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 no valida debidamente las dimensiones de los datos de imágenes, lo que permite a ... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3196
https://notcve.org/view.php?id=CVE-2014-3196
08 Oct 2014 — base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. base/memory/shared_memory_win.cc en Google Chrome anterior a 38.0.2125.101 en Windows no implementa debidamente las restricciones de sólo lectura en la memoria compartida, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox a través de vectores no... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3195 – v8: information leak fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3195
08 Oct 2014 — Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_Array... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 55EXPL: 0CVE-2014-3187
https://notcve.org/view.php?id=CVE-2014-3187
08 Oct 2014 — Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome anterior a 37.0.2062.60 y 38.x anterior a 38.0.2125.59 en iOS no restringe debidamente el procesamiento de las URLs (1) facetime:// y (2) facetime-audio://, lo que permite a atacantes remotos obtener datos de vídeo y audio de un dispositivo... • http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7967 – Ubuntu Security Notice USN-2345-1
https://notcve.org/view.php?id=CVE-2014-7967
08 Oct 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.28.71.15, utilizado en Google Chrome anterior a 38.0.2125.101, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple use-after-free iss... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html •